1 of 60

Can we improve privacy without breaking the web?

2 of 60

Privacy Settings

Breakage Study

August 2017

3 of 60

Brought to you by ...

Jacqueline Savory

Interaction Designer

Luke Crouch

PrivSec Engineer

Peter Dolanjski

Product Manager

4 of 60

Brought to you by ...

Ryan Harter

Browser Measurement

Ilana Segall

Data Science

Years of awesome

Privacy engineers

5 of 60

Existing Claims

Tracking Protection breaks websites

Broken websites make users leave Firefox

Some existing prefs could protect users with minimal breakage

6 of 60

Opt-in page

7 of 60

On-boarding

8 of 60

Report:

“page problem”

“page works”

9 of 60

Breakage type

10 of 60

Notes

11 of 60

Thank you!

12 of 60

Disable Study

13 of 60

The numbers

https://sql.telemetry.mozilla.org/dashboard/shield-study-improve-privacy-settings

14 of 60

19,000+ users

9 branches

https://github.com/mozilla/shield-study-privacy

15 of 60

2,100+ users in each branch

https://sql.telemetry.mozilla.org/queries/17837#73402

16 of 60

Up to 8,500 active users/day

https://sql.telemetry.mozilla.org/queries/23123#60018

17 of 60

About those claims ...

Tracking Protection breaks websites

Broken websites make users leave Firefox

Some existing prefs could protect users with minimal breakage

18 of 60

Does Tracking Protection

break websites?

19 of 60

Avg. problems reported per user looks lower for trackingProtection ...

https://sql.telemetry.mozilla.org/queries/23721#61701

20 of 60

Avg. problems reported per user looks lower for trackingProtection ...

WTF?

https://sql.telemetry.mozilla.org/queries/23721#61701

21 of 60

Some control users’ problems ...

“Something* on the page is slowing down the loading speed significantly.”

*Spoiler Alert: it’s the trackers

“not responsive”, “slow, freezing”, “Took longer than usual for page to load”, “Connection appears slower than usual”, “Pages are scrolling slowly”, “very slow to load”, “long wait for anything to occur”, “the fire fox not always responding”, “page is very slow to load”, “tremendous lag , page loads very slowly”, “page was laggy and didn't respond”, “Sending mail in Gmail is very slow since installation of this study”, “really slow to load”, “video doesn't load fast”, ...

22 of 60

Tracking Protection

may actually fix websites by blocking tracking elements that break/slow them down!

23 of 60

Do broken websites make users leave Firefox?

24 of 60

Do broken websites make users leave this study?

25 of 60

Some common site breakages ...

resistFingerprinting causes Facebook problems

firstPartyIsolation causes YouTube problems

https://sql.telemetry.mozilla.org/queries/18276#61772

26 of 60

What % of users leave the study?

After reporting breakage on certain popular sites

Don’t break SUMO: 72% of users left

Don’t break Google sites: 6 out of top 25

Don’t break email: Yahoo Mail, Gmail, Outlook Live in top 20

https://sql.telemetry.mozilla.org/queries/27989#73748

27 of 60

What % of users leave the study?

After reporting breakage on longer tail sites

Don’t break dev sites? Atlassian, GitHub show up

Don’t break porn sites? xvideos show up

https://sql.telemetry.mozilla.org/queries/27989#73748

28 of 60

Breaking workflow sites

(search, accounts, email,

support, development)

makes users leave this study

29 of 60

Do certain kinds of breakage make users leave this study?

30 of 60

“other” is most common breakage* ...

* new claim: we’re not good at predicting kinds of breakage?

https://sql.telemetry.mozilla.org/queries/19634#50162

31 of 60

Some common breakages

firstPartyIsolation causes login failures

resistFingerprinting causes flash problems

https://sql.telemetry.mozilla.org/queries/19634#61483

32 of 60

What % of users with certain breakage disable the study?

94% of users reporting screen breakage disable study

84% of users reporting flash breakage disable study

82% of users reporting login-failure breakage disable study

64% of users reporting payment breakage disable study

https://sql.telemetry.mozilla.org/queries/20097#51471

33 of 60

What % of users with certain breakage disable the study?

screen and flash are only in resistFingerprinting

payment is in control & 3DP cookies branches

login-failure in control, 3DP cookies, first-party isolation, & referer branches

https://sql.telemetry.mozilla.org/queries/20097#51471

34 of 60

Across all branches,

breaking logins and payments

makes users leave

this study

35 of 60

Are there existing prefs that could protect users with minimal breakage?

36 of 60

14% of control users report breakage

18% of firstPartyIsolationOpenerAccess users: the max recorded in the study

https://sql.telemetry.mozilla.org/queries/23644#61485

6 settings are within margin of error of control

37 of 60

.21 avg. problems per control user

.25 thirdPartyCookiesOnlyFromVisited

.19 trackingProtection

https://sql.telemetry.mozilla.org/queries/23721#61701

4 settings are within margin of error of control

38 of 60

5.1% of control users disable study

8.5% of firstPartyIsolation users

4.7% of originOnlyToThirdParties users

https://sql.telemetry.mozilla.org/queries/19633#50159

5 settings are within margin of error of control

39 of 60

How can we compare “overall breakage”?

40 of 60

“Composite Breakage Score”

An index of web breakage

% of users who report breakage

Average breakage reported by each user

% of users who disable the protection (presumably because of breakage)

*

*

41 of 60

“Composite Breakage Scores”

42 of 60

“Composite Breakage Scores”

WTF?

43 of 60

.24 noThirdPartyCookies

.24 sessionOnlyThirdPartyCookies

.27 thirdPartyCookiesOnlyFromVisited

WTF?

https://sql.telemetry.mozilla.org/queries/23721#61701

44 of 60

Some thirdPartyCookiesOnlyFromVisited users’ problems ...

“The message tells me that my cookies are blocked even though my settings are to accept cookies.”

“Got this message ... Cookies are blocked. … your browser doesn’t allow cookies. ...change your browser settings.”, “Cannot access on online bill pay because it thinks cookies are blocked. I checked and my options say to allow cookies. what is going on?”

45 of 60

Users don’t understand

Accept third-party cookies: From Visited

?

46 of 60

Most promising prefs

Based on “Composite Breakage Score”

originOnlyRefererToThirdParties

trackingProtection

sessionOnlyThirdPartyCookies

47 of 60

User values

originOnlyRefererToThirdParties

🙂 Reduces detail sent to trackers

🙂 Very few login failures

🙂 Very little mail breakage

48 of 60

Ecosystem values

originOnlyRefererToThirdParties

🙂 Does not block ads

😢 Referers are used to guarantee ad policies

49 of 60

User values

trackingProtection

🙂 Blocks known trackers completely

🙂 Speed boost

🙂 Very little mail breakage

😢 Triggers ad-blocker-blocker walls

50 of 60

Ecosystem values

trackingProtection

😢 Blocks ads

51 of 60

User values

sessionOnlyThirdPartyCookies

🙂 Limits duration of tracking

🙂 Very little mail breakage

😢 Some login and “unexpected signout” failures

52 of 60

Ecosystem values

sessionOnlyThirdPartyCookies

🙂 Does not block ads

53 of 60

Key take-aways

Tracking Protection doesn’t seem to “break” websites as much as we feared

Breaking workflow sites makes users disable the study

Yes!

Some existing prefs could protect users with minimal breakage

54 of 60

More: post-study user surveys

55 of 60

Next ...

Q3-Q4 2017

56 of 60

Tracking Protection

UI for “Always”

launched

in Quantum

https://bugzilla.mozilla.org/show_bug.cgi?id=1387681

57 of 60

Private Browsing

https://bugzilla.mozilla.org/show_bug.cgi?id=587523

58 of 60

Can trackers just use IP addresses

to track Firefox users?

IP Address Study

https://bugzilla.mozilla.org/show_bug.cgi?id=1423748

59 of 60

Next ...

2018

60 of 60

Next

2018

Project Fusion

(Firefox Using Onions)

Your idea?

Join us in #privacy on IRC